If your WordPress website uses cookies — and almost every site does, thanks to analytics tools, contact forms, and embedded media — EU law requires you to ask visitors for their consent before those cookies are set. Failing to do so exposes your business to GDPR, ePrivacy, and CCPA penalties that can reach into the tens of thousands of euros.
The usual answers are frustrating. Generic WordPress cookie consent plugins flood your dashboard with settings you don't understand, produce banners that block your entire page, or quietly stop blocking third-party scripts the moment a visitor clicks "Decline." Hosted consent management platforms can cost hundreds of dollars a year and still require a developer to wire them up properly.
Secure Privacy is different. It automatically scans your site for cookies, categorises them, generates a legally compliant cookie declaration, and blocks all tracking scripts until a visitor gives explicit consent — all through a single lightweight script added to your website header. No coding, no bloated plugin, no ongoing maintenance headaches.
This guide walks you through installing the Secure Privacy cookie consent script on a WordPress website built with Elementor — the world's most popular drag-and-drop page builder — using the free Insert Headers and Footers plugin. The whole process takes under five minutes, and by the end your site will block cookies before consent, display a fully branded GDPR-compliant consent banner, and stay audit-ready automatically.
Who Is This Guide For?
WordPress site owners using Elementor or Elementor Cloud
Businesses that need GDPR, ePrivacy, or CCPA cookie compliance without hiring a developer
Anyone who has tried a basic cookie banner plugin and found it inadequate for true script-blocking compliance
New Secure Privacy customers completing their initial setup
Before You Begin: Prerequisites
A Secure Privacy account and installation script. Log in at secureprivacy.ai, navigate to Domains → Installation, and copy your unique Secure Privacy script snippet. Keep this tab open — you'll paste the script during Step 4 below.
Admin access to your WordPress dashboard. You'll need permission to install plugins and modify site-wide settings.
An Elementor or Elementor Cloud website. These steps work for both self-hosted WordPress + Elementor and Elementor Cloud.
Installing Secure Privacy on Your WordPress Elementor Website
Step 1 — Log in to your Elementor account
Go to my.elementor.com and sign in with your Elementor credentials.
Log in to your Elementor Cloud account at my.elementor.com.
Step 2 — Open the WordPress administration panel
Once logged in, click the Edit Website button to switch to your site's WordPress admin dashboard.
Step 3 — Install the "Insert Headers and Footers" plugin
In the WordPress left sidebar, go to Plugins → Add New. Search for Insert Headers and Footers (free, by WPBeginner), install it, and activate it. This plugin lets you add scripts — including your Secure Privacy cookie consent code — directly to your site's <head> without editing theme files.
Search for "Insert Headers and Footers" in the WordPress Plugin Directory and click Install Now.
Step 4 — Paste your Secure Privacy script into the header
Navigate to Settings → Insert Headers and Footers. In the Scripts in Header field, paste your Secure Privacy installation script on the very first line, above any other code that may already be there. Placing the script at the top of the <head> ensures Secure Privacy loads before any other cookies or tracking scripts — blocking them until the visitor gives explicit consent.
Paste the Secure Privacy script at the very top of the "Scripts in Header" field.
Step 5 — Save the changes
Scroll to the bottom of the page and click Save. Your Secure Privacy cookie consent banner is now live on your WordPress Elementor website.
After Installation: Rescan Your Website to Keep Your Cookie Declaration Current
With the script in place, run a fresh cookie scan so your Secure Privacy dashboard reflects the current state of your site. In your Secure Privacy account, go to Report → Scan Reports in the left sidebar and click Rescan. This keeps your Cookie Declaration accurate, up to date, and legally defensible — an important step before sharing your privacy policy or cookie notice with visitors.
Troubleshooting: Cookie Consent Banner Not Showing?
If your consent banner does not appear after saving, work through these checks:
Script position: Confirm the Secure Privacy snippet is on the first line of the Scripts in Header field with no blank lines before it.
Browser cache: Clear your browser cache and cookies, then reload the page in a private/incognito window to simulate a first-time visitor.
Plugin conflicts: Temporarily deactivate other caching or optimisation plugins (e.g., WP Rocket, W3 Total Cache) and check whether the banner appears. Re-enable them one at a time to identify a conflict.
Domain mismatch: Verify that the domain registered in your Secure Privacy account matches the domain you are testing. The script is domain-specific.
Script copied incorrectly: Return to Domains → Installation in your Secure Privacy account, copy the script again in full, and replace the existing entry in the header field.
Frequently Asked Questions
Do I need a cookie consent banner on my WordPress website?
Yes — if your website uses any cookies that track or identify visitors (analytics, advertising, embedded video, social share buttons, etc.) and you have visitors from the EU, UK, California, or other regulated jurisdictions, you are legally required to obtain informed consent before those cookies are set. A cookie banner alone is not enough; the underlying scripts must also be blocked until consent is given. Secure Privacy handles both requirements automatically.
Does Secure Privacy work with Elementor and Elementor Cloud?
Yes. Because Secure Privacy runs as a header script — independent of any page builder — it works seamlessly with Elementor, Elementor Cloud, and all Elementor-powered WordPress themes. No additional configuration inside Elementor is required.
Will Secure Privacy block Elementor's own scripts before consent?
Secure Privacy uses a whitelist/category approach. Core functional scripts required for your site to operate — including essential Elementor scripts — can be categorised as "Necessary" and will always run. Only scripts that fall under Analytics, Marketing, or Preferences categories will be blocked until the visitor grants consent for those categories.
Can I add the Secure Privacy script to WordPress without a plugin?
Yes. If you prefer not to use a plugin, you can add the script directly to your active theme's functions.php file using wp_enqueue_script() with a high priority, or via a child theme's header template. The plugin method described in this guide is recommended for non-developers because it requires no code editing and survives theme updates.
How is Secure Privacy different from a standard WordPress cookie consent plugin?
Most WordPress cookie plugins display a banner but do not actually block third-party tracking scripts before consent — which means they do not make your site compliant with GDPR's "prior consent" requirement. Secure Privacy automatically scans your site to detect all cookies and trackers, blocks them at the script level before consent is obtained, generates a legally required cookie declaration, and logs consent records for audit purposes.
Do I need to rescan my WordPress site after every update?
It is good practice to rescan whenever you add a new plugin, change your theme, or add new third-party integrations (e.g., a new analytics tool or live chat widget). Secure Privacy also supports scheduled automatic rescans so your cookie declaration stays current without manual intervention.
Related Articles
How to Install Secure Privacy on WordPress (All Themes)[?]
Adding Cookie Consent to a WooCommerce Store[?]
Running Your First Cookie Scan in Secure Privacy[?]
How Secure Privacy Records and Stores Consent Logs[?]